[sanesecurity] Re: winnow additions

  • From: "Grayhat" <grayhat@xxxxxxx>
  • To: <sanesecurity@xxxxxxxxxxxxx>
  • Date: Tue, 14 Feb 2012 21:48:34 +0100

Cool !! So in the end Emanuele did it :) !

Yes, he did and we are adding more feeds. Presently we have a small
overlap (because there are TONS on cracked sites now). We are working toward
better categorization and a higher detection rate.

This is *good* news :) ! As for the cracked sites... did you consider setting
up something like the "project honeypot" (www.projecthoneypot.org) kind of
access ? I mean, some kind of "API" to allow spamfilters to use the list even
w/o the need to run an "AV scan" ... see, I'm in contact with the folks who
are in charge of ASSP development and some "open API" would be cool :D

A question; are the complete sigs fully added to the winnow DBs or are
you performing some kind of "filtering" on them ? Just curious; as a
note I've been testing those sigs (and I think Steve did the same) for
a while by directly fetching them from the bofhland page :D

I just decided that Emanuele and I had such good results using his and
mine that I would do something to get it out there.  Looks like we found
traction ;-)  I have been talking to Steve and I hope he will be adding
directly instead. As Steve said, it's cleaner.

Aye, saw Steve's post and, at a point, I was wondering if there was some
overlap (that is, winnow + bofhland) but now I see this isn't the case; all in
all, I think this is a good idea since it will allow more "fine tuning" :) what
else... yeah, if someone here needs a "win" download script, just holler,
nothing fancy, mind you, but since I *had* to write it, I decided to put it
together to be flexible enough :)
